GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,140 advisories
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender...
Critical | Unreviewed | CVE-2020-15297 was published May 24, 2022
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.
Moderate | Unreviewed | CVE-2020-27624 was published May 24, 2022
AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the...
Moderate | Unreviewed | CVE-2019-14476 was published May 24, 2022
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an...
Moderate | Unreviewed | CVE-2020-28978 was published May 24, 2022
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for...
High | Unreviewed | CVE-2020-26032 was published May 24, 2022
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an...
Moderate | Unreviewed | CVE-2020-28977 was published May 24, 2022
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF...
Moderate | Unreviewed | CVE-2020-25820 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in...
Critical | Unreviewed | CVE-2020-35205 was published May 24, 2022
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth...
Moderate | Unreviewed | CVE-2021-23927 was published May 24, 2022
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430,...
Moderate | Unreviewed | CVE-2020-6308 was published May 24, 2022
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.
Moderate | Unreviewed | CVE-2020-15002 was published May 24, 2022
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through...
High | Unreviewed | CVE-2020-24641 was published May 24, 2022
An SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An...
High | Unreviewed | CVE-2020-23776 was published May 24, 2022
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.
Critical | Unreviewed | CVE-2020-35712 was published May 24, 2022
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
High | Unreviewed | CVE-2020-24063 was published May 24, 2022
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names...
Moderate | Unreviewed | CVE-2020-24700 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server...
Moderate | Unreviewed | CVE-2020-27018 was published May 24, 2022
Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier)...
High | Unreviewed | CVE-2021-21009 was published May 24, 2022
A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM)...
High | Unreviewed | CVE-2021-1272 was published May 24, 2022
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is...
Low | Unreviewed | CVE-2020-4787 was published May 24, 2022
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is...
Moderate | Unreviewed | CVE-2020-4786 was published May 24, 2022
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via...
Critical | Unreviewed | CVE-2020-23534 was published May 24, 2022
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions...
Moderate | Unreviewed | CVE-2020-12529 was published May 24, 2022
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro...
Moderate | Unreviewed | CVE-2021-25236 was published May 24, 2022
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to...
Critical | Unreviewed | CVE-2021-27103 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.